GitLab has launched its 2026 AI Accountability Report, based mostly on a survey of 1,528 builders and know-how consumers throughout six nations.
The findings level to a widening hole between the fast uptake of AI coding instruments and the controls organisations use to trace, evaluation and govern the code they produce.
In line with the report, 91% of organisations now have not less than two AI coding instruments in energetic use, whereas 54% have three or extra. On the similar time, 78% of respondents mentioned builders are writing and committing code sooner since adopting AI instruments, and 60% mentioned returns from AI coding have exceeded expectations.
That velocity has not eliminated friction elsewhere within the software program course of. Whereas 79% of respondents mentioned AI has improved particular person developer productiveness, the general software program supply course of has not superior on the similar charge.
Management gaps
A central theme within the analysis is the issue many organisations face in figuring out and managing AI-generated code as soon as it enters manufacturing. The report discovered that 84% of respondents agreed the most important problem with AI-generated code is governing what occurs to it after it’s created.
It additionally discovered that 82% consider AI-generated code dangers creating a brand new type of technical debt that their organisation will not be ready to handle. Individually, 73% mentioned they’re involved concerning the maintainability of AI-generated code of their codebase.
Traceability stays a weak level. Solely 28% of respondents mentioned their software program growth lifecycle instruments are totally built-in with shared knowledge and workflows, suggesting many groups nonetheless depend on fragmented programs to trace code origins and possession.
The highest structural boundaries have been issue distinguishing AI-generated code from human-written code, cited by 43% of respondents, fragmented toolchains at 40%, and programs that don’t monitor code origin at 39%.
The survey additionally highlighted a niche between confidence and operational actuality throughout incidents. Whereas 87% of respondents mentioned they have been assured their crew might decide inside 24 hours whether or not AI-generated code had contributed to a manufacturing incident, 34% of organisations that skilled an incident up to now yr mentioned they may not truly make that willpower.
Governance lag
Governance emerged as one other concern. The report discovered that 80% of respondents mentioned their organisation adopted AI instruments sooner than it developed insurance policies to manipulate them, whereas 92% reported some type of governance problem linked to AI-generated code.
For a lot of organisations, that concern has moved from idea to danger administration. Some 83% of respondents recognized the buildup of AI-generated code as a danger that must be managed now, and 44% described it as a high know-how danger.
That seems to be driving deliberate spending. The report discovered that 91% of respondents are prone to spend money on AI code governance instruments over the subsequent 12 months, whereas 98% have already allotted or anticipate to allocate funds for that space.
The findings counsel the controversy round AI coding is shifting. Somewhat than focusing solely on code era velocity, organisations are more and more assessing whether or not they can confirm the place code got here from, what it was meant to do and who’s liable for it after deployment.
One other outcome underlined that shift. The survey discovered that 85% of respondents agree AI has moved the primary bottleneck from writing code to reviewing and validating it, suggesting growth groups could now be producing output sooner than their current assurance processes can deal with.
There have been additionally indicators that respondents anticipate the market to maneuver in that course. In line with the report, 85% agreed that the subsequent section of AI in software program will focus much less on producing code and extra on governing it.
The analysis was carried out by The Harris Ballot and coated respondents in North America, Europe and Asia-Pacific. It surveyed each builders and know-how consumers, reflecting views from technical customers in addition to folks concerned in software program buying and oversight.
GitLab framed AI accountability round three sensible questions for any line of AI-generated code: the place it got here from, what it was meant to do and who’s liable for it as soon as it’s in manufacturing. The outcomes counsel many organisations nonetheless battle to reply these questions persistently throughout their software program environments.
Manav Khurana, Chief Product and Advertising Officer at GitLab, commented on the findings:
“AI coding instruments have delivered on their promise of velocity. However the occasions of the previous few months, together with provide chain assaults, reliability points, and regulators tightening expectations round AI traceability and provenance, are making clear that velocity with out management is a legal responsibility, not a bonus. The groups considering forward are already asking the tougher query: can we truly management all of the code we’re producing? The organisations that may ship trusted software program sooner are those constructing the foundations of accountability with context, traceability, and governance baked into the platform, not simply bolted on after the actual fact.”